DEBIAN-CVE-2016-1000110

DEBIAN-CVE-2016-1000110 PUBLISHED CVSS 6.099999904632568 MEDIUM

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	python2.7	0, 0, 0

Exploit Intelligence

Attempts to detect web applications vulnerable to "httpoxy" (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-1000109, CVE-2016-1000110). The script attempts to detect this vulnerability by measuring the response time when assigning a non-existing proxy to the headers. In theory, vulnerable applications will try to connect to the bad proxy increasing the response time. To reduce false positives we run the test several times and we expect the response time from the request ... (nmap-nse)

Timeline

Jul 22, 2016 PoC Published
Nov 27, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-1000110 advisory

Open in Interactive Console →